Orangfuzz – an experimental user interaction fuzzer for Firefox OS

One of the goals of the fuzzing team is to identify security vulnerabilities within our products using various techniques. As we continue working with Firefox OS, we need to build and adapt the proper tools to enable fuzz testing on the mobile device.

This concept was inspired by bug 838215, which was a crash involving the handling of touch events.

Orangfuzz currently only supports the B2G Test Driver device, but adding additional support for other devices, if Orangutan supports them, is straightforward. We define the device through its specifications (e.g. home key location, screen resolution). Adding support for additional devices is as simple as adding new subclasses which provide the appropriate resolution and screensizes. It may be possible to run this against the B2G emulators but this has not been tested.

Warning: It is entirely possible to generate a script that contains a set of actions that dial emergency numbers such as “911”, “112” or “999”, so it is recommended to run the script against a special build of Gaia (not yet well-tested) with dialing and messaging capabilities disabled if one wants to run orangfuzz continuously without supervision.

At this point we are still experimenting with the most effective strategy for identifying and triaging crashes, but please feel free to file bugs or ideas moving forward either on GitHub or in Bugzilla. Do subscribe to the mozilla.dev.b2g newsgroup if one is interested.